By Anupriyo Chakravarti, CTO & CPO at  Verisma

March 25, 2026

Healthcare AI has a trust problem.

Health system leaders know AI can reduce costs, improve compliance, and streamline operations. What stops most organizations is the cost of a misstep: training on sensitive patient data, governance gaps creating regulatory exposure, and vendors who can’t explain what’s inside the black box.

At Verisma, we decided early to build AI the hard way. The right way.

Why synthetic data changes everything

We made a non-negotiable commitment: we never use client data, including PHI, to train our AI models.

So, we found a better answer: synthetic data.

Ranjit Kohli put it well in his article “16 Billion — Data Everywhere: Synthetic, Good or Bad?“: synthetic data is like synthetic oil, purpose-built. It mirrors real-world patterns while protecting sensitive information. He also made a point that stuck: real-world data isn’t always available. Synthetic data fills that gap. It got me thinking: why not apply the same approach in healthcare?

We started using Gretel Synthetics to generate medically realistic records – diagnosis codes, drug references, sensitive condition flags, and anomalies. And we never touch real patient data to do it.

How it works in practice

Our engineering and data science teams developed the QA Intelligence model training and testing methodology around three principles:

• Start with context, not records. We trained the model on sentence-level patterns from medical language – teaching it what sensitive information looks like in context, without using full records.
• Generate at scale. Gretel Synthetics produces privacy-safe synthetic documents matching real clinical formats, including the edge cases our models need to learn from.
• Test the edges. Positive and negative test cases – scenarios where the model should and shouldn’t flag something – are all synthetic, reproducible and auditable.

Here’s what makes synthetic data particularly powerful: it fills gaps real data can’t. Need examples of rare events that may never show up in a real dataset? Build them. In healthcare, that means edge cases our models must recognize: sensitive conditions, unusual document structures, ambiguous clinical language – all generated on demand.

The result: a training process we can defend to any client IT or security team.

4 pillars of Verisma’s synthetic data approach

1. Privacy-first. Models trained exclusively on synthetic and public data. No PHI. No client data. Ever.
2. Clinical realism. Synthetic records modeled on real clinical formats, with diagnosis codes, drug references, real-world anomalies, and sensitive condition patterns.
3. Rigorous validation. Edge cases generated on demand, including scenarios that don’t exist in the real world, for thorough model testing.
4. Auditable by design. Every training and testing artifact can be traced, documented and reviewed. That’s a standard real-world data cannot meet.

This is what responsible AI looks like

At CHIME25, I led a focus group on how digital leaders are approaching AI governance. The pattern was clear: most organizations see AI’s potential, but few have built the structure to capture it safely.

Synthetic data is a direct answer to that gap. It lets you move fast without cutting corners on privacy, test thoroughly without regulatory exposure, and give clients something most AI vendors can’t: a clear, auditable record of how the model learned.

The broader industry is heading in this direction. NVIDIA’s synthetic data generation framework for agentic AI tackles the same challenges we faced: scarce data, sensitivity constraints, and the high cost of manual labeling. Synthetic data solves all three by generating diverse, domain-specific datasets at scale. In healthcare, where real data is valuable and tightly regulated. That’s not just a technical advantage, it’s a compliance requirement.

Most AI projects in healthcare stall on data access – waiting for approvals, de-identification work, and legal agreements. Synthetic data removes that constraint. Our teams can generate thousands of realistic test scenarios, including edge cases that may never appear in the real world. That speeds up development, improves model quality, and keeps compliance built in from day one.

Our QA Intelligence models are trained, tested and validated entirely on synthetic data – and they perform with the reliability healthcare demands. You don’t have to choose between moving fast and staying compliant.

Let’s move the industry forward together

Accelerating AI in healthcare without sacrificing reliability, compliance, or patient trust is an industry-wide challenge and requires industry-wide collaboration.

We’re happy to share what we’ve learned: the methodology, the tools, the lessons from testing at scale, and the governance framework making it all defensible. Whether through conference sessions, peer roundtables, or direct conversations with technology leaders, Verisma is committed to helping the industry move forward.

If you’re working through these challenges at your organization, let’s talk.

Anupriyo Chakravarti is CTO & CPO at Verisma, leading technology strategy and product development for healthcare’s leading health information lifecycle platform. He speaks regularly on AI governance, healthcare data transformation, and technology leadership at leading healthcare technology conferences and industry associations.

By Anupriyo Chakravarti, Chief Technology & Product Officer at Verisma

January 30, 2026

Healthcare data management is at a crossroads. Labor costs have risen 15 percent year–over–year, regulatory complexity continues to expand, and the pressure to do more with less has never been greater. In my conversations with health system CIOs and technology leaders, one theme emerges consistently: the organizations treating AI governance as a strategic capability, not a compliance checkbox, will define the next era of healthcare operations.

I had the opportunity to test this thesis at CHIME25 – Fall Forum, where I led a focus group titled “Rewriting Healthcare Data Rules: Digital Leaders, Innovators, and Disrupters Unite.” We surveyed attendees before the conference to understand how they’re approaching artificial intelligence, legacy systems, interoperability, and vendor relationships. The findings confirmed what I’ve observed across hundreds of client engagements: most organizations recognize AI’s potential, but few have built the governance foundation to capture it safely.

Here’s what the data revealed – and what it means for healthcare technology strategy.

Key Findings: An Industry in Transition

1. Data Governance Ownership Remains Fragmented
CIO/IT leadership drives data governance in most organizations, with joint committees and compliance/legal playing supporting roles. Fewer than 10 percent reported no clear ownership. The implication: Organizations with dedicated governance structures will move faster on AI adoption.

2. AI Training Data Concerns are Real – but Nuanced
While there’s openness to AI innovation, organizations remain vigilant about third–party data access. Most enforce strict controls over vendor use of data for model training. The strategic insight: Healthcare leaders aren’t anti-AI; they’re anti-opacity. Vendors who provide transparency, auditability, and clear data boundaries will earn trust.

3. Interoperability Remains a Multi–Front Battle
While organizations struggle equally with standards adoption, system integration, and partner data sharing, no single blocker dominates. Most have policies in place, but consistency and enforcement vary widely. What this signals: Point solutions won’t solve interoperability. Organizations need integrated platforms – built with universal connectors in addition to APIs – that address the full data lifecycle, from intake through archive.

4. Legacy Decommissioning is Reactive, not Strategic
Most organizations archive legacy systems to mitigate risk rather than as part of a deliberate data strategy. There’s growing openness to monetizing de-identified data for research, but risk concerns dominate decision-making. The opportunity: Organizations shifting from reactive archiving to strategic data lifecycle management can unlock cost savings and new revenue streams.

5. Global Resource Sentiment is Shifting
Opinions on using global resources for data-related tasks lean toward caution, but a meaningful minority, about 25 percent, is open to increased global partnerships. Looking ahead: As AI handles more routine tasks, the calculus around global delivery models will evolve.

The AI Maturity Gap

We asked respondents which stage of AI/data governance maturity best reflects their organization:

• Level 1: Ad hoc tools, minimal governance, data silos
• Level 2: Emerging AI/machine learning use with basic automation and foundational policies
• Level 3: Standardized platforms, governed data, formalized policies

The majority cluster at Levels 1 and 2. Very few have reached Level 3, and almost none have progressed beyond it to advanced stages where AI augments decision–making across operations.

This maturity gap represents a risk and opportunity. Organizations remaining at Level 1-2 will struggle to capture efficiency gains while managing compliance exposure. Those accelerating to Level 3 and beyond can achieve 40-60 percent productivity improvements in data-intensive workflows while strengthening compliance posture.

Verisma’s AI Maturity Model: A Framework for Transformation

Based on these findings and our experience partnering with 2,300+ healthcare organizations, we developed an enhanced maturity framework.

The model assesses five dimensions:

1. Technology Infrastructure – From siloed tools to integrated intelligent platforms

2. Data Governance – From ad hoc policies to enterprise–wide standards with automated enforcement

3. Process Automation – From manual workflows to AI–augmented operations

4. Value Realization – From cost–center metrics to measurable business outcomes

5. People and Change – From resistance to adoption to workforce enablement and upskilling

What makes this framework different: It’s not theoretical. Each maturity level includes specific benchmarks, implementation tools, and a phased roadmap with measurable success criteria. We built it for organizations that need to show progress quarterly, not just aspire to transformation over years.

The Strategic Moat: Human-in-the-Loop AI Governance

I’ll share a perspective that may diverge from the industry hype: organizations that win with AI won’t automate the most, they’ll automate responsibly.

Many vendors offer point solutions for robotic process automation or document classification. Verisma’s approach is fundamentally different. We’ve built an integrated platform spanning the full health information lifecycle – intake, retrieval, quality assurance, disclosure, and archiving – with human oversight embedded at every decision point
.
Why does this matter, strategically:

• Regulatory durability: Healthcare AI regulations are tightening. Solutions built on black–box automation face compliance risk. Human-in-the-loop architectures are designed for the regulatory environment that’s coming, not just today’s requirements.
• Quality assurance: Our AI workflows use confidence thresholds automatically triggering human review when certainty falls below acceptable levels. This isn’t a safety net, it’s a design principle. Organizations using this approach achieve 38 percent faster turnaround times while reducing unauthorized disclosure incidents by 50 percent.
• Auditability: Every AI decision is logged with immutable trails, reviewer attestations, and exception documentation. When regulators or auditors ask, “How did this decision get made?” There’s a clear answer.
• Workforce enablement: We don’t replace health information professionals; we amplify them. Staff handle exceptions and complex judgments while AI manages routine processing.

The Path Forward: From Maturity Assessment to Business Outcomes

Based on our CHIME25 research and client experience, here’s what I believe healthcare technology leaders should prioritize:

1. Assess honestly. Most organizations overestimate their AI maturity.

2. Governance before acceleration. The organizations moving fastest on AI adoption aren’t the ones with the biggest budgets. They have the clearest governance frameworks measuring and optimizing outcome metrics.

3. Demand transparency from vendors. Ask tough questions: Where does my data go? How are models trained? What happens when the AI’s uncertain?

4. Measure business outcomes, not AI activity. For instance, for release of information, track turnaround time and compliance incidents, not number of AI models deployed.

5. Plan for workforce transition. AI will change roles, not eliminate them.

Looking Ahead

In the next three years, I expect 75 percent of routine healthcare data tasks to be AI–assisted. The organizations thriving won’t adopt AI first. They’ll build governance, infrastructure, and workforce capabilities to adopt AI well.

Healthcare technology leaders are ready for this transformation. They’re looking for partners understanding operational realities and delivering practical innovation with transparency and accountability. If you’re evaluating your organization’s AI maturity, let’s chat.

About the Author

Anupriyo Chakravarti is Chief Technology & Product Officer at Verisma, leading technology strategy and product development for healthcare’s leading health information management platform. He speaks regularly on AI governance, healthcare data transformation, and technology leadership at industry conferences including AHIMA, CHIME and HIMSS.

By Ben Mauldin, Vice President of Mid-Market at Verisma

November 7, 2025

About CCRM

Colorado Center for Reproductive Medicine (CCRM) Fertility, a global pioneer in fertility treatment, research and science, was founded in 1987 by Dr. William Schoolcraft and since its inception has achieved international recognition for clinical excellence and advanced research in reproductive medicine. They have 80+ physicians across 40+ clinics nationwide, and a team of research scientists, PhDs, embryologists, and professional staff dedicated to helping patients achieve their dream of having a baby.

CCRM Fertility offers patients best-in-class care and access to a network of award-winning physicians, a full suite of fertility services, innovative technology, and state-of-the-art labs. Their proprietary approach results in patient outcomes far exceeding the industry average for live births.

Rather than outsource specialists and testing needs, CCRM leverages its own data and a dedicated team of in-house reproductive endocrinologists, embryologists and geneticists to deliver consistent results. This centralized approach to comprehensive fertility care relies on in-house lab operations, proprietary research, and data to set the standard in fertility care and treatment.

Pain Points

Because CCRM Fertility was helping so many patients thrive, they also found themselves overwhelmed with a high volume of patient and provider requests for medical records. Provider-to-provider requests are extremely important due to patient impact and pregnancy follow-up with obstetrics and gynecology (OB/GYN).

CCRM also services a high-volume of international patients, so requesters living outside the United States needed records too. Their backlog was growing daily, and they needed help to fulfill these requests for health information to enhance consumer experience and maintain compliance.

Right-Sizing at Scale to Remove Burden

CCRM Fertility called upon Verisma, the leader in health information lifecycle management trusted by 20,000 client sites across all 50 states, to assist. CCRM uses GE Healthcare’s Centricity™ Perinatal Software to help clinical teams deliver high-quality perinatal care. Because Verisma is electronic health record (EHR)-agnostic, we were ready to help with the mounting record requests.

CCRM Fertility began automating their release of information (ROI) process and provide compliance guidance from request intake to fulfillment with Verisma Release Manager®, ensuring 100 percent of HIPAA-covered requests are reviewed for quality assurance, monitoring with analytics tools for the highest level of insights and transparency, and leveraging deep-rooted expertise blended with the needs of CCRM’s existing team.

We’re so proud of what we were able to do for CCRM Fertility and wanted to share their experience with other providers facing similar challenges.

Client Testimonial

According to Ashley Edwards, Front Office Manager at CCRM:

“Verisma stepped in and made a world of difference! They helped us clean up our backlog in record time and made our process for outgoing records seamless. They’re so easy to work with and get ahold of for questions.

They also always communicate if there are any process changes. Their system is so easy to access and pull past sent records or look for updates on where they are in the process.

Everyone we’ve worked with is fantastic. They’re always on top of everything and great with rush requests.

I couldn’t recommend them more for any clinic searching for an easy way to handle outgoing medical record requests. They’ve been truly phenomenal!”

Get Started Today

Thanks for your ringing endorsement, Ashley!

Verisma partners with healthcare organizations of all sizes, including specialty clinics such as CCRM Fertility. We have proven experience right-sizing solutions at scale to remove administrative burden for myriad clients. If your organization is facing similar challenges, please contact us today and let’s get started!

By Michael Pittroff, Archiving Specialist at Verisma

September 26, 2025

Health information management (HIM) professionals are the stewards of patient data – uniquely positioned at the intersection of clinical care, compliance, and system operations. Their expertise ensures medical records are managed with the highest standards of accuracy, accessibility and confidentiality.

When organizations archive legacy applications, HIM’s insights are essential to guarantee data is preserved, retrievable, and fit for future needs—from patient care to compliance audits.

Preserving Metadata, without Compromise

When HIM isn’t involved in archiving, critical elements of medical records can be lost. Preserving metadata beyond extract, transform and load (ETL) tools forcing providers to pick-and-choose which data they want to bring over during the mapping process – details like lab reference ranges, test locations, and result flags – is essential for clinical context, continuity of care, and regulatory response.

Without this vital information, organizations risk incomplete records which could impact patient safety, hinder responses to subpoenas or audits, and jeopardize compliance with professional regulations – especially important as OCR changes the definition of the designated record set.

Administrative and technical decisions made without HIM’s input may also compromise data integrity or accessibility, potentially leading to inefficiencies. Providers searching multiple systems for medical records for hours, days or weeks – rather than benefiting from a unified software platform in seconds – can delay care, frustrating staff and patients.

Supporting Complex Health Information Workflows

When HIM’s absent, projects may focus solely on IT, cost or infrastructure – prioritizing financial savings or technical feasibility over clinical or compliance requirements. This shift can lead to solutions that, while budget-friendly, might not meet all regulatory standards or support complex health information workflows.

Without HIM advocacy, organizations may not recognize the ongoing value of complete, context-rich records supporting everything from accounts receivable (AR) burndown in revenue cycle management to defending against legal challenges. Overlooking these priorities can create unintended risks and missed opportunities for value creation within the organization – reducing overhead associated with infrastructure and licensing fees.

Ensuring Integrity, Accessibility and Compliance

HIM professionals care deeply about participating in archiving decisions because these projects directly affect their core responsibilities – ensuring the integrity, accessibility and compliance of health records. HIM’s changing structure – moving under IT, compliance, revenue cycle, or access – means their voice can easily be marginalized unless they have a seat at the table.

Their involvement is crucial to safeguarding patient data, supporting clinical care, and protecting their organization from regulatory and legal risks.

Reducing Data Breaches

Legacy applications also increase the risk of data breaches because they often operate on outdated, unsupported servers lacking essential security updates and patches – making them vulnerable to attacks.

As staff retire or move on these systems can go unmonitored, with knowledge of their operation lost – leaving sensitive information exposed to accidental and malicious threats. Accessing data sometimes requires lowering security measures, and without proper audit trails or compliance with current regulations, organizations face heightened risks of unauthorized disclosures (UAD), legal penalties, and data loss.

Migrating to secure, modern platforms and involving HIM in the archiving process are vital steps to protect patient data and preserve regulatory compliance.

Influencing Leadership to Adopt Best Practices

Advocacy is essential for HIM, ensuring their expertise shapes organizational decisions about data archiving and legacy system management. By articulating the value they bring – such as preventing data loss, preserving metadata, and facilitating efficient release of information (ROI) – they can influence leadership to adopt best practices serving clinical and operational needs.

Advocacy also positions HIM as indispensable partners in broader initiatives, from cost reduction to revenue cycle optimization, demonstrating their strategic value in the evolving health data landscape.

Archiving Today to Prepare for Tomorrow

Health information professionals aren’t just “nice-to-have” participants at the archiving table. They’re critical to ensuring data integrity, compliance, and operational efficiency. HIM’s absence can lead to costly mistakes, incomplete records, and organizational risk. Their presence and advocacy empower healthcare organizations to meet today’s challenges and prepare for tomorrow’s needs – especially when faced with the next merger and acquisition (M&A) and you’re back at the table to archive, again.

Ready to revolutionize clinical data management? We’re here to help. Contact us today.

By Anupriyo Chakravarti, Chief Technology & Product Officer at Verisma

September 5, 2025

Health information departments face mounting pressure to process record requests faster, maintain compliance, and manage growing data volumes while navigating staffing shortages and budget constraints. In response, we introduced Verisma’s responsible artificial intelligence (AI) solution suite built specifically for health information management (HIM). The suite combines intelligent automation with human oversight to improve speed, quality, and regulatory compliance – without removing professionals from sensitive decisions.

We’ve developed a feature set working together to streamline intake, improve compliance, accelerate retrieval, and enhance support for requestors, all grounded in a human-in-the-loop approach keeping HIM experts in control.

In this post, we’ll take you through each of these features and share how we’re approaching them and impacting the market.

Human-in-the-Loop by Design

Many healthcare AI offerings aim to fully automate decision-making, risking errors in sensitive record handling, compliance violations, and loss of trust. At Verisma, we embed human oversight at key decision gates – intake validation, authorization checking, quality, and final release, so outcomes remain accurate, ethical and defensible.

In practice, that means:

• Flagging commingled records before release.
• Pre-populating intake data for HIM validation to compress cycle time.
• Handling routine status calls with a digital support agent, while keeping a speak-to-a-human option at every step.

One of the first impact areas we’ll dive into is improving compliance and quality.

AI-Supported Compliance and Quality

Sensitive categories (e.g., behavioral health or substance-use information) can be missed in manual workflows, leading to unauthorized disclosures (UAD). Technology Assisted Review™ – our quality assurance engine – uses AI to flag sensitive content (including state overlays and 42 CFR Part 2) and route exceptions for expert review, with auditable human approval before disclosure.

After a new lab interface was deployed by a health system we service, our Intelligent Quality Review solution detected cross-patient commingling and flagged it for human investigation, leading to remediation of the glitch in the lab interface to the electronic health record (EHR). Over 18 months, this safeguard helped prevent potential mis-release of ~200,000 records under client validation and compliance oversight.

With even more emphasis on quality, we can tackle one of the largest challenges in release of information (ROI), structuring all the requests that come through disparate channels and making them actionable, fast.

Structuring Data at Intake

Manual logging and categorization are time-consuming and error-prone, often causing misrouted requests, billing issues, and delays. Verisma Intake Intelligence extracts key fields and accurately classifies requests, improving turnaround time and significantly reducing logging time (based on client implementations).

When immediate processing is critical, such as stat or legal requests with statutory deadlines, requests route to Verisma Inbox™, where a rules engine determines urgency and logs the prioritized request into Verisma Release Manager® (VRM), always with human-in-the-loop verification. VRM is a HITRUST-certified cloud platform tracking, auditing and processing each request. It enforces Health Insurance Portability and Accountability Act (HIPAA), state laws, and provider policies; timestamps every action for discoverability; and uses smart queues to maintain SLAs.

Retrieving records across multiple health system record sources is a persistent bottleneck and the next area we’ll address.

Seamless Retrieval Across 7,000+ Connections

Verisma’s Integration Engine retrieves the right records at the right time using specialized connectors, like standard-based APIs (FHIR R4, HL7 v2), where available, and universal connectors, like monitored robotic process automation (RPA), when necessary, spanning 7,000+ connections to EHR instances and health data sources.

The platform assembles a release packet aligned to request type and documented patient authorization, then flags it for automated quality check and human approval, absorbing surge volume without incremental headcount and accelerating turnaround.

We know the last thing providers want is to manage complaints from requestors because they’re frustrated and don’t know the status of their request. Our final feature in the suite aims to elevate the requestor experience and meet their needs 24/7.

AI-Powered Requestor Support

Patients, attorneys, and other requestors want clarity without delay. Our 24/7 multilingual digital agent answers common questions, provides status updates, and escalates complex issues to staff when needed. It detects a preferred language, audits all interactions, and integrates with VRM, improving satisfaction and reducing average handling time, while always offering a speak-to-a-human option.

Success, Built on Trust

In summary, Verisma’s AI workflows are fully auditable – with immutable logs, reviewer attestations, and exception trails. Models operate within PHI-safe boundaries (encryption in transit and at rest, along with least-privilege access), undergo regular evaluation and drift monitoring, and use confidence thresholds automatically triggering human review. It’s how we pair the speed of AI with the judgment of HIM professionals safely and provide:

• Logging speed and efficiency gains via intelligent intake.
• Accelerated record retrieval with smart, scalable integration.
• Enhanced protection for 2,300+ facilities from UADs with Technology Assisted Review™.
• 24/7 multilingual support through our digital agent, with seamless escalation to people.

HIM departments need partners who understand operational realities and deliver practical innovation. With our responsible AI suite, we’re empowering professionals, protecting patient data, and shaping the future of health information, together.

By Elizabeth McElhiney, MHA, CHPS, CPHIMS, CDH-L, CRIS, CC
Director of Compliance and Government Affairs
Verisma
July 25, 2025

I wanted to take a moment to break down recent updates regarding the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule Final Rule supporting reproductive health care, also known as the 2024 Privacy Rule – applying to all organizations. 

Last month there was a judgment issued in the Purl v. Department of Health and Human Services (HHS) case giving a definitive answer whether we need to continue with the 2024 Privacy Rule and its attestation process. 

The judgment, posted June 18, has the judge vacating the vast majority, or about 90 percent, of the 2024 Privacy Rule. 

The judge only kept provisions of the 2024 Privacy Rule correlated with Section 3221 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act.  If you’re an AHIMA member you probably recognize this as the Protecting Jessica Grubb’s Legacy Act, a notice of privacy practice changes for substance use disorder records. Fortunately, under existing HIPAA regulations, she was able to narrowly select the information to be released and designate an alternate address for communication to protect her privacy. However, this protection could be jeopardized by proposed legislation, including Florida’s SB 1606.

In simpler terms, we’re going back to the pre-compliance date of release of information (ROI) procedures – rewinding back to December 22, 2024 workflows. 

The Purl case was handled by a federal court, located in the Northern District of Texas, making it a national court. In the decision, the judge spent time detailing that this judgment is applicable nationally – meaning providers from Maine to Hawaii are covered by the judgment. HHS can appeal the judge’s decision until August 18. 

Several other pending cases have had stays, or administrative closure orders, issued after judgment was handed down in the Purl case. Those cases have status updates due August 25 when HHS must decide whether to appeal the judgment and the parole case by August 18 as well. 

Please speak with your organization’s legal counsel before you make any policy and procedure changes. If you have any questions we’re here to answer them, so please feel free to reach out!